Tackling Obsolete Product Issues using MSIX within the CES Framework Guidelines

Introduction

Obsolete products and outdated software applications pose significant security risks for organisations. The CES (Cyber Essentials Scheme) framework is designed to help address these challenges, ensuring that businesses can protect themselves from potential cyber threats. One of the key strategies to tackle the risks associated with obsolete products is using MSIX, a modern packaging format developed by Microsoft. In this blog, we will explore the challenges associated with obsolete products in the CES framework and how using MSIX can help your organisation comply with the security guidelines.

Challenges with Obsolete Products in the CES Framework

Obsolete products, including out-of-date smartphones, tablets, laptops, desktop PCs, and software applications, contribute to two main problems:

  1. Lack of security updates: Unsupported products no longer receive security patches, increasing the likelihood of attackers exploiting known vulnerabilities.
  2. Absence of the latest security mitigations: Older products may not include up-to-date security measures, making successful exploitation more likely and detection more difficult.

Both issues make high-impact security incidents more probable, potentially leading to disastrous consequences across the organisation. To comply with the CES framework, organisations must address these challenges and minimise the risks associated with obsolete products.

The MSIX packaging format

MSIX is a versatile packaging format that supports a wide range of applications, including legacy Win32, WPF, and Windows Forms applications. By using MSIX for deploying and managing obsolete applications, organisations can achieve several key benefits:

  1. Simplified deployment and updates: MSIX streamlines deploying and updating applications, making it easier to manage legacy software.
  2. Application isolation: MSIX ensures that applications run in isolated environments, reducing potential conflicts and improving system stability.
  3. Clean uninstallation: MSIX allows for the complete removal of applications, leaving no residual files or registry entries on the system.
  4. Enhanced security: MSIX offers various security features, such as certificate signing and restricted access to system resources.
  5. Customisation: MSIX enables modifications to application settings and configurations without altering original binaries, allowing organisations to adapt legacy apps to their specific requirements.

Complying with the CES Framework Using MSIX

To utilise MSIX for managing obsolete products in compliance with the CES framework, organisations should follow these general steps:

  1. Obtain the original installation files for the legacy application.
  2. Use appCURE Capture and Packager to create an MSIX package from the original installer or application files.
  3. Test the newly created MSIX package on a target system to ensure proper functionality.
  4. Sign the MSIX package with a trusted certificate to enable secure deployment.
  5. Deploy the MSIX package to target systems using a preferred deployment method (e.g., System Center Configuration Manager, Intune, Azure Virtual Desktop (MSIX app attach) or a third-party tool).
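The following PowerShell session is an added example, not part of the original post or of appCURE's tooling. It picks up after step 2 (the package has already been produced, for instance by appCURE Capture and Packager) and walks through signing, signature verification and a test install on a target machine. The package path, certificate path and timestamp server are assumptions; `signtool.exe` comes with the Windows SDK and must be on the PATH.

```powershell
# Added example (not from the original post): sign, verify and test-install an MSIX package.
# Assumptions: the package already exists, the Windows SDK is installed (signtool.exe on PATH),
# and a code-signing certificate (.pfx) is available whose Subject matches the Publisher
# attribute in the package manifest. Paths and the timestamp URL are placeholders.

$Package = 'C:\Packages\LegacyApp_1.0.0.0_x64.msix'   # placeholder package path
$PfxPath = 'C:\Certs\CodeSigning.pfx'                 # placeholder certificate path
$TsaUrl  = 'http://timestamp.digicert.com'            # assumed RFC 3161 timestamp server; use your CA's

# Prompt for the PFX password rather than embedding it in the script.
$SecurePass = Read-Host -AsSecureString -Prompt 'PFX password'
$PlainPass  = [System.Net.NetworkCredential]::new('', $SecurePass).Password

# Step 4: sign the package. MSIX requires an explicit file digest (/fd SHA256).
# The timestamp (/tr, /td) keeps the signature valid after the certificate itself expires.
& signtool.exe sign /fd SHA256 /f $PfxPath /p $PlainPass /tr $TsaUrl /td SHA256 $Package
if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }

# Confirm the signature is valid and chains to a root this machine trusts.
$sig = Get-AuthenticodeSignature -FilePath $Package
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
"Signed by: $($sig.SignerCertificate.Subject) (thumbprint $($sig.SignerCertificate.Thumbprint))"

# Step 3 on a test system: install for the current user, then confirm the package registered
# and that Windows recorded it as signed (SignatureKind is Developer or Enterprise for sideloaded packages).
Add-AppxPackage -Path $Package
Get-AppxPackage |
    Where-Object { $_.PackageFullName -like 'LegacyApp_*' } |   # placeholder package name prefix
    Select-Object Name, Version, Publisher, SignatureKind
```

Signing has to happen before the test install: an unsigned MSIX cannot be installed on a normally configured machine, and a package signed with an internal certificate installs only where that certificate's chain is trusted (for example, the root placed in the Trusted Root or Trusted People store by Group Policy or Intune). The thumbprint printed after signing is worth recording; it is the value an integrity check on the receiving side can pin to.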

Conclusion

MSIX provides a powerful solution for addressing the challenges associated with obsolete products in the CES framework. By adopting MSIX, organisations can better manage legacy applications, enhance security, and comply with the CES guidelines. However, it is crucial to assess the compatibility of each legacy application with MSIX packaging and make any necessary adjustments or seek alternative solutions when needed. By doing so, organisations can minimise the risks associated with using out-of-date technology and work towards a more secure and modernised application management process.

Want to learn more? Why not get in touch with our team today!

The Growing Threat of Supply Chain Attacks via Application Installers and the Importance of Post-Installation Inspection

Introduction

In recent years, there has been a significant increase in supply chain attacks targeting software applications from reputable vendors. Only recently, 3CX, a popular software-based phone system company, was subject to a supply chain attack. These attacks exploit vulnerabilities in application installers to infiltrate networks and systems, potentially causing catastrophic damage. As the risk of such attacks continues to rise, organisations should prioritise inspecting applications and their post-installation behaviours to mitigate the threats posed by phase 2 and 3 attacks. This article will delve into the importance of reviewing all application packages from vendors before releasing them to production environments.

The Rise of Supply Chain Attacks

Supply chain attacks are malicious attempts to compromise third-party software components or services in order to gain unauthorised access to a target system. These attacks have become increasingly popular among cybercriminals as they can bypass traditional security measures by exploiting trusted relationships between software vendors and their customers. Application installers from reputable vendors are particularly attractive targets, as they can easily infiltrate a system without raising suspicion.

Phase 2 and 3 Attacks: The Hidden Dangers

Phase 2 and phase 3 attacks refer to the stages of a multi-stage cyberattack that follows an initial compromise in a supply chain attack. While these terms are not industry-standard terminology, they help illustrate the progressive nature of advanced cyberattacks. Here’s a breakdown of the different phases:

  • Phase 1 – Initial Compromise: The first phase typically involves the attacker compromising a third-party software or service, such as an application installer from a reputable vendor, to gain access to the target system. In supply chain attacks, this is achieved by exploiting vulnerabilities in the software or by inserting malicious code into the software package.
  • Phase 2 – Establishing Persistence: Once the attacker has gained access to the target system, the second phase involves establishing persistence within the network or system. This can include deploying additional malware, creating backdoors, or leveraging legitimate tools and services to maintain a foothold in the compromised environment. During this phase, the attacker works to avoid detection and strengthen their position within the target system.
  • Phase 3 – Lateral Movement and Execution: In the third phase, the attacker seeks to expand their access within the compromised system, moving laterally through the network and potentially compromising additional systems. This phase also involves the execution of the attacker’s primary objectives, such as exfiltrating sensitive data, deploying ransomware, or causing disruption to the target organisation’s operations.

By understanding the progression of these attacks, organisations can better defend themselves against the threats posed by supply chain attacks and other advanced cyber threats. Monitoring and inspecting applications and their behaviours, particularly post-installation, can help identify and mitigate risks associated with phase 2 and 3 attacks.

Inspecting Applications and Their Behaviours Post-Installation

To mitigate the risk of phase 2 and 3 attacks, it is crucial to inspect applications and their behaviours post-installation. Organisations should consider implementing the following steps:

  • Perform a thorough analysis of the application’s source code, configuration files, and dependencies to detect any potential vulnerabilities or malicious components.
  • Monitor the application’s runtime behaviour to identify any unusual or unexpected actions, such as unauthorised network connections, file manipulation, or privilege escalation.
  • Employ behaviour-based detection tools and security solutions that can automatically flag suspicious application activities.
  • Regularly update software and apply security patches to minimise the attack surface and prevent exploitation of known vulnerabilities.
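The runtime-monitoring step above is easier to act on with a concrete before-and-after comparison. The script below is an added example, not part of the original article: it snapshots the common Windows persistence locations (Run keys, services, scheduled tasks) and the current listening and established TCP endpoints on an isolated test VM, runs the vendor installer, snapshots again, and prints only what appeared. The installer path and its silent-install switch are placeholders.

```powershell
# Added example (not from the original article): diff persistence points and network
# endpoints around an installer run on an isolated test VM. Installer path and silent
# switch are placeholders; run from an elevated prompt so services and tasks are fully visible.

function Get-PersistenceSnapshot {
    # Autostart entries in the per-machine and per-user Run/RunOnce keys.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    $autoruns = foreach ($key in $runKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
                if ($p.Name -notlike 'PS*') { "Run|$key|$($p.Name)|$($p.Value)" }
            }
        }
    }

    # Installed services with their binary path and start mode.
    $services = Get-CimInstance -ClassName Win32_Service |
        ForEach-Object { "Service|$($_.Name)|$($_.PathName)|$($_.StartMode)" }

    # Scheduled tasks with the executable and arguments of each action.
    $tasks = Get-ScheduledTask | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ';'
        "Task|$($_.TaskPath)$($_.TaskName)|$actions"
    }

    # Listening sockets and established connections, attributed to the owning process.
    $net = Get-NetTCPConnection | Where-Object { $_.State -in @('Listen', 'Established') } | ForEach-Object {
        $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        "Net|$($_.State)|$($_.LocalAddress):$($_.LocalPort)|$($_.RemoteAddress):$($_.RemotePort)|$proc"
    }

    return @($autoruns) + @($services) + @($tasks) + @($net)
}

$before = Get-PersistenceSnapshot

# Placeholder installer and silent switch; replace with the vendor's documented values.
Start-Process -FilePath 'C:\Staging\VendorApp-Setup.exe' -ArgumentList '/S' -Wait
Start-Sleep -Seconds 60   # give post-install helpers and updaters time to start

$after = Get-PersistenceSnapshot

# Report only entries that exist after the install and did not exist before it.
$added = Compare-Object -ReferenceObject $before -DifferenceObject $after |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Select-Object -ExpandProperty InputObject |
    Sort-Object

$report = Join-Path $env:TEMP 'install-diff.txt'
$added | Out-File -FilePath $report
"$($added.Count) new persistence/network entries written to $report"
$added
```

Every line in the report needs an owner: a new service whose binary sits in the application's install folder is expected, while a new Run entry pointing into a user-writable temporary folder, or an established connection from a helper process to an address absent from the vendor's documentation, is exactly the phase 2 behaviour the article describes and should hold the release until explained. The sixty-second wait is a rough allowance; installers that register an updater task may not show network activity until the task first fires, so a second snapshot after a reboot is a cheap addition.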

Reviewing All Application Packages Before Production Release

Given the growing prevalence of supply chain attacks, organisations must review all vendor application packages before releasing them to production environments. This process should include:

  • Verifying the integrity of the application package by checking digital signatures, hashes, and certificates to ensure the software has not been tampered with.
  • Employing sandboxing techniques to test and analyse the application safely in an isolated environment. This allows organisations to observe the application’s behaviour without risking the security of their production systems.
  • Conducting regular security audits of vendors and their software development processes to assess the potential risks and ensure adherence to security best practices, such as ISO 27001. This helps maintain a high level of trust and confidence in the software being delivered.
  • Establishing a security-focused mindset within the organisation, emphasising the importance of constant vigilance and collaboration between IT, security, and development teams. This can help ensure that security considerations are taken into account throughout the software development lifecycle and in the deployment of applications.
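The integrity check in the first item is worth being precise about, because a signature that reports "Valid" only proves the file was signed by the holder of some CA-issued certificate; it does not prove it was signed by the vendor you expect. The function below is an added example, not part of the original article: it compares the file's SHA-256 with the value published on the vendor's download page, checks the Authenticode signature, and pins the signer's certificate thumbprint to the one recorded from earlier releases of the same product. The sample path, hash and thumbprint are placeholders.

```powershell
# Added example (not from the original article): gate a vendor package on three independent checks
# before it is allowed into the production deployment pipeline.
#   1. SHA-256 matches the hash the vendor published out of band (download page, release notes).
#   2. The Authenticode signature is valid and chains to a trusted root.
#   3. The signer certificate's thumbprint matches the one recorded from previous releases.
# All sample values are placeholders.

function Test-PackageIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $ExpectedSignerThumbprint
    )

    $result = [ordered]@{
        Path        = $Path
        HashOk      = $false
        SignatureOk = $false
        SignerOk    = $false
        Signer      = $null
        Status      = $null
        Pass        = $false
    }

    # Check 1: hash comparison. Get-FileHash returns uppercase hex, so normalise the expected value.
    $actualHash      = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $result.HashOk   = ($actualHash -eq $ExpectedSha256.ToUpperInvariant())

    # Check 2: signature validity (catches tampering after signing and untrusted chains).
    $sig                 = Get-AuthenticodeSignature -FilePath $Path
    $result.Status       = $sig.Status
    $result.SignatureOk  = ($sig.Status -eq 'Valid')

    # Check 3: signer pinning (catches a package signed with someone else's valid certificate).
    if ($sig.SignerCertificate) {
        $result.Signer   = $sig.SignerCertificate.Subject
        $result.SignerOk = ($sig.SignerCertificate.Thumbprint -eq $ExpectedSignerThumbprint.ToUpperInvariant())
    }

    $result.Pass = $result.HashOk -and $result.SignatureOk -and $result.SignerOk
    return [pscustomobject]$result
}

# Placeholder inputs: the hash and thumbprint would come from the vendor's page and your own records.
$check = Test-PackageIntegrity -Path 'C:\Staging\VendorApp-Setup.msix' `
    -ExpectedSha256 'PLACEHOLDER_SHA256_FROM_VENDOR_PAGE' `
    -ExpectedSignerThumbprint 'PLACEHOLDER_THUMBPRINT_FROM_PREVIOUS_RELEASE'

$check | Format-List
if (-not $check.Pass) {
    Write-Warning "Package failed integrity checks (hash=$($check.HashOk), signature=$($check.SignatureOk), signer=$($check.SignerOk)); do not release to production."
}
```

The three checks fail in different ways and that is the point of running all of them: a modified file fails the hash and the signature, a re-signed file passes the signature but fails the hash and the signer pin, and a file published with a new vendor certificate fails only the pin, which is the case to confirm with the vendor through a channel other than the download page before updating the recorded thumbprint.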

Conclusion

As the risk of supply chain attacks using application installers from reputable vendors continues to rise, organisations must prioritise inspecting applications and their post-installation behaviours to reduce the likelihood of phase 2 and 3 attacks. By thoroughly reviewing all application packages before releasing them to production and maintaining a proactive security posture, organisations can significantly reduce the potential damage caused by these increasingly sophisticated attacks. Implementing a comprehensive approach to software security, including sandboxing techniques, regular vendor audits, and fostering a security-focused culture within the organisation, will help mitigate the risks associated with supply chain attacks and protect valuable assets and data.

References:

(1) Gallagher, S. (2023, April 3). False Positive or the Real Deal? 3CX Supply Chain Attack Raises Questions. The Register. Retrieved from https://www.theregister.com/2023/04/03/3cx_false_positive_supply_chain_attack/

(2) Jackson, M. (2023, April). What Went Wrong with the 3CX Software Supply Chain Attack and How It Could Have Been Prevented. Security Boulevard. Retrieved from https://securityboulevard.com/2023/04/what-went-wrong-with-the-3cx-software-supply-chain-attack-and-how-it-could-have-been-prevented/

(3) Anderson, J. (n.d.). Kaseya Supply Chain Attack: What You Need to Know. Expel. Retrieved from https://expel.com/blog/kaseya-supply-chain-attack-what-you-need-to-know/

(4) International Organization for Standardization (ISO) & International Electrotechnical Commission (IEC). (2013). ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements. Retrieved from https://www.iso.org/standard/54534.html


The Importance of Repackaging Apps in MSIX Format for Improved Security

In today’s digital landscape, security is a top concern for businesses of all sizes. The rise of remote work and the increasing use of cloud-based apps has made it even more critical to protect sensitive information. One effective way to improve the security of business apps is to repackage them in the MSIX format.

MSIX is a modern application package format that provides a secure and reliable way to install, update, and manage applications on Windows 10 and Windows 11 devices and on Windows Server 2022. This format has several benefits over traditional installation methods, including:

Improved security: MSIX apps are protected by Windows security features, including SmartScreen and Windows Defender, which help prevent malware infections and reduce the risk of data breaches. Additionally, MSIX supports compliance with industry security standards, such as Cyber Essentials, by providing a secure and managed container for apps and addressing key security principles such as boundary firewalls and internet gateways, secure configuration, access control, malware protection, and patch management.

Simplified deployment: MSIX apps can be easily deployed and managed through the Microsoft Store for Business and enterprise delivery technologies like Microsoft Intune, VMware Workspace One and AppVentiX, which eliminate the need for manual installations and reduce the risk of configuration errors.

Additionally, migrating to MSIX enables dynamic application delivery (MSIX app attach), allowing enterprises to deploy and manage applications centrally to the users who need each specific app without installing every app on the master image. Businesses can use the likes of Azure Virtual Desktop, AppVentiX, Nerdio, VMware App Volumes and Parallels RAS to deliver applications in the MSIX app attach format to users.

Streamlined updates: MSIX apps can be updated automatically through the Microsoft Store for Business and other supported MSIX enterprise app management solutions, ensuring that users have the latest version of the app with the latest security updates and bug fixes.

Sandboxing: The MSIX format also provides a sandboxing capability that isolates the app from the underlying operating system in a container, reducing the risk of malware infections and other security threats. The container grants limited access to system resources, including only read access to the device’s global file system and registry. This helps to prevent the app from making unauthorised changes to the system or accessing sensitive information. MSIX images (MSIX app attach) mount to the virtual desktop as read-only, which tightens security further.

Code signing certificates: A code signing certificate is mandatory for an MSIX package to be installed. This adds a level of trust to the apps you use, which is important in the context of enterprise app deployment. The certificate verifies the authenticity of the MSIX package and that it has not been altered or infected by malware since it was signed. This provides extra protection for sensitive information and reduces the risk of security breaches. Additionally, code signing certificates can help ensure compliance with industry standards and regulations. This can provide peace of mind for businesses and their customers, as they know that the applications they are using are secure and trustworthy.

Legacy apps: Legacy applications can pose a significant security risk as they may not have been updated to address the latest security threats. By packaging legacy apps into MSIX format, organizations can ensure that they have a secure, containerized version of the application. Sealing is a term we use at appCURE for packaging old applications into an MSIX. Sealing an application into the MSIX package means the application will not change and will not receive future updates. Sealing into an MSIX reduces the risk of security vulnerabilities. MSIX helps businesses meet industry security standards and reduces the risk of security breaches, even when faced with legacy applications that need to be maintained for archival or other reasons during modernization projects.

In conclusion, repackaging business apps in MSIX format provides numerous security benefits and helps businesses stay ahead of potential security threats. By using MSIX, companies can simplify their application deployment and management while ensuring their sensitive information is protected and aligned with industry standards such as Cyber Essentials. It’s time to make the switch to MSIX and take control of your app security today.
